Quebec’s Law 25 Compliance Checklist: A Stress-Free Guide for Businesses
By Robin Boucher | 2025-05-27
Reading Time: 6 minutes
Quebec’s Law 25 (formerly Bill 64) is one of North America’s strictest data privacy laws, with fines up to $25 million or 4% of global revenue. But compliance doesn’t have to be overwhelming.
This checklist breaks down exactly what businesses need to do, with:
Every business must designate a person responsible for personal information (often the CEO by default). This person oversees compliance and is the public point of contact.
Review and update your privacy policy to reflect Law 25 requirements. Clearly explain what data you collect, why, how it’s used, and who it’s shared with.
Identify all personal data you collect, where it’s stored, and who has access. Implement security measures (encryption, access controls, regular audits).
Obtain clear consent for data collection and use. Make it easy for individuals to access, correct, or delete their data.
Develop a plan to detect, respond to, and notify authorities/individuals of data breaches within required timelines.
Law 25 is strict, but with a clear checklist and the right resources, compliance is manageable for any business. Start with these steps and review the official guides for more details.